Rev 219 | Rev 250 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 2 | daniel-mar | 1 | <?php |
| 2 | |||
| 3 | /* |
||
| 4 | * OIDplus 2.0 |
||
| 5 | * Copyright 2019 Daniel Marschall, ViaThinkSoft |
||
| 6 | * |
||
| 7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
||
| 8 | * you may not use this file except in compliance with the License. |
||
| 9 | * You may obtain a copy of the License at |
||
| 10 | * |
||
| 11 | * http://www.apache.org/licenses/LICENSE-2.0 |
||
| 12 | * |
||
| 13 | * Unless required by applicable law or agreed to in writing, software |
||
| 14 | * distributed under the License is distributed on an "AS IS" BASIS, |
||
| 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||
| 16 | * See the License for the specific language governing permissions and |
||
| 17 | * limitations under the License. |
||
| 18 | */ |
||
| 19 | |||
| 104 | daniel-mar | 20 | function oidplus_valid_email($email) { |
| 2 | daniel-mar | 21 | return !empty(filter_var($email, FILTER_VALIDATE_EMAIL)); |
| 22 | } |
||
| 23 | |||
| 107 | daniel-mar | 24 | function oidplus_link($goto) { |
| 219 | daniel-mar | 25 | if (strpos($goto, '#') !== false) { |
| 26 | list($goto, $anchor) = explode('#', $goto, 2); |
||
| 27 | return 'href="?goto='.urlencode($goto).'#'.htmlentities($anchor).'" onclick="openOidInPanel('.js_escape($goto).', true, '.js_escape($anchor).'); return false;"'; |
||
| 28 | } else { |
||
| 29 | return 'href="?goto='.urlencode($goto).'" onclick="openOidInPanel('.js_escape($goto).', true); return false;"'; |
||
| 30 | } |
||
| 107 | daniel-mar | 31 | } |
| 32 | |||
| 2 | daniel-mar | 33 | function secure_email($email, $linktext, $level=1) { |
| 34 | |||
| 35 | // see http://www.spamspan.de/ |
||
| 36 | |||
| 37 | /* Level 1 */ |
||
| 38 | /* |
||
| 39 | <span class="spamspan"> |
||
| 40 | <span class="u">user</span> |
||
| 41 | @ |
||
| 42 | <span class="d">beispiel.de</span> |
||
| 43 | (<span class="t">Spam Hasser</span>) |
||
| 44 | </span> |
||
| 45 | */ |
||
| 46 | |||
| 47 | if ($level == 1) { |
||
| 104 | daniel-mar | 48 | @list($user, $domain) = explode('@', $email); |
| 2 | daniel-mar | 49 | if (($linktext == $email) || empty($linktext)) { |
| 50 | return '<span class="spamspan"><span class="u">'.htmlentities($user).'</span>@<span class="d">'.htmlentities($domain).'</span></span>'; |
||
| 51 | } else { |
||
| 52 | return '<span class="spamspan"><span class="u">'.htmlentities($user).'</span>@<span class="d">'.htmlentities($domain).'</span>(<span class="t">'.htmlentities($linktext).'</span>)</span>'; |
||
| 53 | } |
||
| 54 | } |
||
| 55 | |||
| 56 | /* Level 2 */ |
||
| 57 | /* |
||
| 58 | <span class="spamspan"> |
||
| 59 | <span class="u">user</span> |
||
| 60 | <img alt="at" width="10" src="@.png"> |
||
| 61 | <span class="d">beispiel.de</span> |
||
| 62 | </span> |
||
| 63 | */ |
||
| 64 | |||
| 65 | if ($level == 2) { |
||
| 66 | list($user, $domain) = explode('@', $email); |
||
| 67 | return '<span class="spamspan"><span class="u">'.htmlentities($user).'</span><img alt="at" width="10" src="@.png"><span class="d">'.htmlentities($domain).'</span></span>'; |
||
| 68 | } |
||
| 69 | |||
| 70 | /* Level 3 */ |
||
| 71 | /* |
||
| 72 | <span class="spamspan"> |
||
| 73 | <span class="u">user</span> |
||
| 74 | [at] |
||
| 75 | <span class="d">beispiel [dot] de</span> |
||
| 76 | </span> |
||
| 77 | */ |
||
| 78 | |||
| 79 | if ($level == 3) { |
||
| 80 | list($user, $domain) = explode('@', $email); |
||
| 81 | $domain = str_replace('.', ' [dot] ', $domain); |
||
| 82 | return '<span class="spamspan"><span class="u">'.htmlentities($user).'</span> [at] <span class="d">'.htmlentities($domain).'</span></span>'; |
||
| 83 | } |
||
| 84 | |||
| 85 | return null; |
||
| 86 | |||
| 87 | |||
| 88 | // --- Old code --- |
||
| 89 | |||
| 90 | // Attention: document.write() JavaScript will damage the browser cache, which leads to bugs if you navigate back&forth with the browser navigation |
||
| 91 | |||
| 92 | // No new lines to avoid a JavaScript error! |
||
| 93 | $linktext = str_replace("\r", ' ', $linktext); |
||
| 94 | $linktext = str_replace("\n", ' ', $linktext); |
||
| 95 | |||
| 96 | if (!function_exists('alas_js_crypt')) |
||
| 97 | { |
||
| 98 | function alas_js_crypt($text) |
||
| 99 | { |
||
| 100 | $tmp = ''; |
||
| 101 | for ($i=0; $i<strlen($text); $i++) |
||
| 102 | { |
||
| 103 | $tmp .= 'document.write("&#'.ord(substr($text, $i, 1)).';");'; |
||
| 104 | } |
||
| 105 | return $tmp; |
||
| 106 | } |
||
| 107 | } |
||
| 108 | |||
| 109 | if (!function_exists('alas_js_write')) |
||
| 110 | { |
||
| 111 | function alas_js_write($text) |
||
| 112 | { |
||
| 113 | $text = str_replace('\\', '\\\\', $text); |
||
| 114 | $text = str_replace('"', '\"', $text); |
||
| 115 | $text = str_replace('/', '\/', $text); // W3C Validation </a> -> <\/a> |
||
| 116 | return 'document.write("'.$text.'");'; |
||
| 117 | } |
||
| 118 | } |
||
| 119 | |||
| 120 | $aus = ''; |
||
| 121 | if ($email != '') |
||
| 122 | { |
||
| 123 | $aus .= '<script><!--'."\n"; // type="text/javascript" is not necessary in HTML5 |
||
| 124 | $aus .= alas_js_write('<a href="'); |
||
| 125 | $aus .= alas_js_crypt('mailto:'.$email); |
||
| 126 | $aus .= alas_js_write('">'); |
||
| 127 | $aus .= $crypt_linktext ? alas_js_crypt($linktext) : alas_js_write($linktext); |
||
| 128 | $aus .= alas_js_write('</a>').'// --></script>'; |
||
| 129 | } |
||
| 130 | |||
| 131 | if ($crypt_linktext) $linktext = str_replace('@', '&', $linktext); |
||
| 132 | $email = str_replace('@', '&', $email); |
||
| 133 | return $aus.'<noscript>'.htmlentities($linktext).' ('.htmlentities($email).')</noscript>'; |
||
| 134 | } |
||
| 135 | |||
| 136 | function insertWhitespace($str, $index) { |
||
| 137 | return substr($str, 0, $index) . ' ' . substr($str, $index); |
||
| 138 | } |
||
| 139 | |||
| 140 | function js_escape($data) { |
||
| 141 | // TODO.... json_encode?? |
||
| 142 | return "'" . str_replace('\\', '\\\\', $data) . "'"; |
||
| 143 | } |
||
| 144 | |||
| 104 | daniel-mar | 145 | function oidplus_formatdate($date) { |
| 2 | daniel-mar | 146 | $date = explode(' ', $date)[0]; |
| 147 | if ($date == '0000-00-00') $date = ''; |
||
| 148 | return $date; |
||
| 149 | } |
||
| 150 | |||
| 151 | |||
| 152 | class MailException extends Exception {} |
||
| 153 | |||
| 154 | function my_mail($to, $title, $msg, $cc='', $bcc='') { |
||
| 6 | daniel-mar | 155 | $h = new SecureMailer(); |
| 2 | daniel-mar | 156 | |
| 6 | daniel-mar | 157 | $title = $title; |
| 2 | daniel-mar | 158 | |
| 76 | daniel-mar | 159 | $h->addHeader('From', OIDplus::config()->getValue('admin_email')); |
| 2 | daniel-mar | 160 | |
| 161 | if (!empty($cc)) $h->addHeader('Cc', $cc); |
||
| 162 | if (!empty($bcc)) $h->addHeader('Bcc', $bcc); |
||
| 163 | |||
| 6 | daniel-mar | 164 | $h->addHeader('X-Mailer', 'PHP/'.phpversion()); |
| 165 | if (isset($_SERVER['REMOTE_ADDR'])) $h->addHeader('X-RemoteAddr', $_SERVER['REMOTE_ADDR']); |
||
| 121 | daniel-mar | 166 | $h->addHeader('MIME-Version', '1.0'); |
| 167 | $h->addHeader('Content-Type', 'text/plain; charset=ISO-8859-1'); |
||
| 2 | daniel-mar | 168 | |
| 6 | daniel-mar | 169 | $sent = $h->sendMail($to, $title, $msg); |
| 170 | if (!$sent) { |
||
| 171 | throw new MailException('Sending mail failed'); |
||
| 172 | } |
||
| 11 | daniel-mar | 173 | } |
| 174 | |||
| 175 | function trim_br($html) { |
||
| 176 | do { $html = preg_replace('@^\s*<\s*br\s*/{0,1}\s*>@isU', '', $html, -1, $count); } while ($count > 0); // left trim |
||
| 177 | do { $html = preg_replace('@<\s*br\s*/{0,1}\s*>\s*$@isU', '', $html, -1, $count); } while ($count > 0); // right trim |
||
| 178 | return $html; |
||
| 179 | } |
||
| 74 | daniel-mar | 180 | |
| 181 | function verify_private_public_key($privKey, $pubKey) { |
||
| 182 | try { |
||
| 183 | if (empty($privKey)) return false; |
||
| 184 | if (empty($pubKey)) return false; |
||
| 185 | $data = 'TEST'; |
||
| 186 | if (!@openssl_public_encrypt($data, $encrypted, $pubKey)) return false; |
||
| 187 | if (!@openssl_private_decrypt($encrypted, $decrypted, $privKey)) return false; |
||
| 188 | return $decrypted == $data; |
||
| 189 | } catch (Exception $e) { |
||
| 190 | return false; |
||
| 191 | } |
||
| 192 | } |
||
| 193 | |||
| 194 | function smallhash($data) { // get 31 bits from SHA1. Values 0..2147483647 |
||
| 195 | return (hexdec(substr(sha1($data),-4*2)) & 2147483647); |
||
| 196 | } |
||
| 180 | daniel-mar | 197 | |
| 182 | daniel-mar | 198 | function split_firstname_lastname($name) { |
| 199 | $ary = explode(' ', $name); |
||
| 200 | $last_name = array_pop($ary); |
||
| 201 | $first_name = implode(' ', $ary); |
||
| 202 | return array($first_name, $last_name); |
||
| 203 | } |
||
| 204 | |||
| 180 | daniel-mar | 205 | function originHeaders() { |
| 206 | // CORS |
||
| 207 | // Author: Till Wehowski |
||
| 182 | daniel-mar | 208 | |
| 180 | daniel-mar | 209 | header("Access-Control-Allow-Credentials: true"); |
| 210 | header("Access-Control-Allow-Origin: ".strip_tags(((isset($_SERVER['HTTP_ORIGIN'])) ? $_SERVER['HTTP_ORIGIN'] : "*"))); |
||
| 211 | |||
| 212 | header("Access-Control-Allow-Headers: If-None-Match, X-Requested-With, Origin, X-Frdlweb-Bugs, Etag, X-Forgery-Protection-Token, X-CSRF-Token"); |
||
| 213 | |||
| 214 | if (isset($_SERVER['HTTP_ORIGIN'])) { |
||
| 215 | header('X-Frame-Options: ALLOW-FROM '.$_SERVER['HTTP_ORIGIN']); |
||
| 216 | } else { |
||
| 217 | header_remove("X-Frame-Options"); |
||
| 218 | } |
||
| 219 | |||
| 220 | $expose = array('Etag', 'X-CSRF-Token'); |
||
| 221 | foreach (headers_list() as $num => $header) { |
||
| 222 | $h = explode(':', $header); |
||
| 223 | $expose[] = trim($h[0]); |
||
| 224 | } |
||
| 225 | header("Access-Control-Expose-Headers: ".implode(',',$expose)); |
||
| 226 | |||
| 227 | header("Vary: Origin"); |
||
| 228 | } |
||
| 236 | daniel-mar | 229 | |
| 230 | function get_calling_function() { |
||
| 231 | $ex = new Exception(); |
||
| 232 | $trace = $ex->getTrace(); |
||
| 233 | if (!isset($trace[2])) return '(main)'; |
||
| 234 | $final_call = $trace[2]; |
||
| 235 | return $final_call['file'].':'.$final_call['line'].'/'.$final_call['function'].'()'; |
||
| 236 | } |